1 WHAT IS CLAIMED IS : 

2 LA method of authenticating a user ID by making use of a net entry 

3 apparatus (40) possessing a cryptography security mechanism to establish two- 

4 way communication with an authentication server (20) and an application server 

5 (30) through a host computer (10), involving a two stage authentication process, 

6 wherein 

7 the first-stage authentication is conducted between the net entry apparatus 

8 (40) and the authentication server (20), whereby the authentication server (20) 

9 obtains the basic data or user ID from the net entry apparatus (40) to generate a 

10 random number test key, and then sends it to the net entry apparatus (40); then the 

1 1 net entry apparatus (40) encrypts the test key with an embedded private key and 

12 sends it back to the authentication server (20); then the authentication server (20) 

13 retrieves its own copy of the test key, adds an encryption with a symmetrical test 

14 key, and compares it with the test key received; then if these two test keys 

1 5 correspond with each other, the authentication server (20) generates a network key 

1 6 and sends it to the host computer (10); 

17 the second- stage authentication is conducted after the network key is 

1 8 received by the authentication server (20), whereby the authentication server (20) 

19 generates an encrypted token with the network key and sends it to the host 

20 computer (10); then the host computer (10) issues the encrypted token to the 

21 application server (30) to which the user intends to gain access; then the 

22 application server (30) receiving the encrypted token passes it back to the 

23 authentication server (20) for verification; then the authentication server (20) 

24 decrypts the returned token with the network key and compares it with the original 
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1 token; then if the two tokens correspond with each other, the authentication server 

2 (20) notifies the application server (30) that the user ID is valid; otherwise, the 

3 user ID is invalid if these two tokens do not match. 

4 2. The method of authenticating a user ID as claimed in claim 1 , wherein 

5 the first stage authentication further includes: 

6 activating the authentication process; 

7 reading off the basic data or user ID of the net entry apparatus (40), by the 

8 host computer (10), and sending it to the authentication server (20); 

9 generating a random number test key, by the authentication server (20), on 

10 receiving the user ID of the net entry apparatus (40) and keeping a copy of the 

1 1 random number test key; 

12 encrypting the random number test key using the private key of the net 

13 entry apparatus (40), and sending it to the authentication server (20); 

14 retrieving own copy of random number test key, by the authentication 

1 5 server (20) for encryption with the symmetrical copy of the private key, and 

16 comparing it with the received test key; 

17 generating a network key, by the authentication server (20), if the two test 

18 keys correspond with each other (20). 

19 3. The method of authenticating a user ID as claimed in claim 2, wherein 

20 the second stage authentication further includes: 

21 using the network key generated in the first stage authentication to encrypt 

22 a token, by the authentication server (20), and passing the encrypted token to the 

23 host computer (10); 
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1 sending the encrypted token to the application server (30) from the host 

2 computer (10); 

3 passing the encrypted token to the authentication server (20) for 

4 verification when the application server (30) receives the encrypted token; 

5 decrypting the token with the network key, by the authentication server 

6 (20), and comparing it with the original copy of token; 

7 notifying the application server (30) that the user ID is valid for the 

8 intended on-line transactions, if these two tokens correspond with each other; or 

9 the user is invalid if these two tokens do not correspond. 

10 4. The method of authenticating a user ID as claimed in claim 1, wherein 

1 1 the private key embedded in the net entry apparatus (40) and maintained by the 

12 authentication server (20) is created with a high compression security standard of 

13 AES 128-256 bits. 

14 5. The method of authenticating a user ID as claimed in claim 2, wherein 

15 the private key embedded in the net entry apparatus (40) and maintained by the 

16 authentication server (20) is created with a high compression security standard of 

17 AES 128-256 bits. 

1 8 6. The method of authenticating a user ID as claimed in claim 3, wherein 

1 9 the private key embedded in the net entry apparatus (40) and maintained by the 

20 authentication server (20) is created with a high compression security standard of 

21 AES 128-256 bits. 

22 7. The method of authenticating a user ID as claimed in claim 1 , wherein 

23 the private key embedded in the net entry apparatus (40) and maintained by the 
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1 authentication server (20) is created with regular security standards complying 

2 with RSA, DES, 3DES, MD5, MD2, and SHA-1 . 

3 8. The method of authenticating a user ID as claimed in claim 2, wherein 

4 the private key embedded in the net entry apparatus (40) and maintained by the 

5 authentication server (20) is created with regular security standards complying 

6 with RSA, DES, 3DES, MD5, MD2, and SHA- 1 . 

7 9. The method of authenticating a user access to network stations as 

8 claimed in claim 3. wherein the private key embedded in the net entry apparatus 

9 (40) and maintained by the authentication server (20) is created with regular 

1 0 security standards complying with RSA, DES, 3DES, MD5 , MD2, and SHA- 1 . 

11 10. A net entry apparatus (40) for use in authentication, comprising: 

1 2 a microprocessor (4 1 ) for internal computation; 

13 a connection interface (42) for linking up with the host computer (10); 

14 an encryption unit (43) for creating encrypted data; 

15 a system memory (44) for temporarily saving of user ID of the net entry 

1 6 apparatus (40) and random number test key. 

17 11. The net entry apparatus as claimed in claim 10, wherein the 

1 8 microprocessor (4 1 ) is built in with RISC capability. 

19 12. The net entry apparatus as claimed in claim 10, wherein the 

20 connection interface (42) has a USB 1.1 or a higher specification. 

21 13. The net entry apparatus as claimed in claim 10, wherein the encryption 

22 unit (43) is created with high compression security standards of AES 128-256 bits. 

23 14. The net entry apparatus as claimed in claim 10, wherein the encryption 
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1 unit (43) is created with regular security standards complying with RSA, DES, 

2 3DES, MD5, MD2, and SHA-I . 

3 15. The net entry apparatus as claimed in claim 10, wherein the system 

4 memory (44) is built with a read only memory, dynamic random access memory, 

5 and erasable programmable read-only memory devices. 
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